Posts Tagged ‘Device Identification’
Posted on April 13th, 2012 by Dan Rampe

Health insurance, workers compensation, a vision plan, dental insurance, life insurance, a pension plan, FICA. And, did we mention vacations and holidays? Good employees don’t come cheap. So, if you only need them occasionally, doesn’t it make sense to just hire temps?
Entrepreneurs Dmitry Naskovets and Sergey Semashko thought so. And, what did they get for their troubles? Sent up the river. That’s what.
To initiate wire transfers, unblock accounts or change account contact information, financial institutions usually require an account holder to authorize the transaction by phone.
So back in June 2007, Dmitry and Sergey got the bright idea to launch CallService.biz, a Russian-language site, which, according to Wired.com “filled a much-needed niche in the criminal world — providing English- and German-speaking ‘stand-ins’ to help crooks (circumvent) bank security screening measures (by impersonating real account holders).”
The thieves, who got victim information from phishing attacks and keystroke logging malware, provided “stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.”
CallService.biz would assign a person from their databank, who matched the legitimate account holder’s gender and was proficient in the required language. That person would pose as the account holder and call the financial institution to authorize the fraudulent transaction.
Authorities said more than 2,000 identity thieves used the service to commit more than 5,000 acts of fraud.
Naskovets, who was arrested in the Czech Republic in 2010, just pleaded guilty in New York State and received 33 months in prison. His partner, Semashko, arrested the same day, has been charged in Belarus.
Manhattan U.S. Attorney Preet Bharara said in a statement: “This case is another example of how cybercrime knows no geographic boundaries and of how we will work with our partners in the United States and around the world to catch and punish cyber criminals.”
Because cybercrime knows no bounds and no boundaries, your company requires protection across all boundaries and time zones. In short, your company needs ThreatMetrix™ security.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smartphones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 4th, 2012 by Dan Rampe

Mobile transactions and Bring-Your-Own-Device (BYOD) have both proliferated and show no signs of slowing down in 2012. At the same time, Trojan attacks and Man-In-The-Browser (MitB) page injections are becoming more innovative and sophisticated.
“In the last year, we have seen a significant increase in sophisticated MitB Trojan activities targeting financial institutions, payment processors, governments and online businesses. Additionally, cybercriminals are evolving beyond their traditional financial institution targets to now include alternative payment methods and digital currencies,” observed Andreas Baumhof, chief technology officer, ThreatMetrix.
“Technologies such as Facebook credits, Amazon gift cards or payment services – where you can transfer money via email – will become the new targets. Based on the high success rates of these targeted attacks, we expect this trend to grow exponentially in 2012, posing significant risks to businesses and institutions – particularly for organizations that continue to rely on traditional solutions for cybercrime prevention,” added Baumhof.
Malware infection rates are rising fast and fresh victims are constantly being targeted. Last year, there were 25 million new, unique strains of malware released. And, according to the Aite Group, that number is projected to grow to 87 million by the end of 2015. The shift toward BYOD workplace practices is increasing the risk to corporations and their assets and adding to traditional attacks on e-commerce.
With malware becoming a growing drag on business and threat to society as a whole, ThreatMetrix has identified other trends and predictions for 2012:
• Malicious Trojans will spread in more innovative ways. Social networks, such as Facebook and Twitter, open up new ways for cybercriminals to spread malware in addition to ‘traditional’ drive-by-downloads, which compromise well-known websites by distributing Trojans automatically. Well-known Twitter accounts are increasingly being infiltrated and used for malware distribution. The Carberp Trojan was distributed in 2010 on a recognized news website in the Netherlands, which pushed infection rates into the hundreds of thousands.
• More MitB page injections. More fraudsters will employ MitB techniques to add malicious content – such as JavaScript – to a legitimate website, regardless of the Trojan used. The focus will turn away from solely financial institutions towards alternative payment methods, merchants and government, but also to social networking sites and identity theft in general.
• Mobile is the new target. The growth in mobile banking and mobile commerce will make mobile devices a big target for fraudsters. Baumhof says he has already seen mobile devices targeted to defeat SMS-based two-factor authentication for Internet banking (Mitmo Trojan). Due to the open nature of the Android operating system, malware can spread quite quickly and Trojans can fairly easily hijack existing applications (DKFBootKit). Furthermore, we see more and more very sophisticated malware such as remote-controlled banking Trojans (Android/FakeToken.A) or even rootkits.
• Bring-Your-Own-Device (BYOD) trend increases risks. The BYOD trend in today’s corporate networks is opening the door for cybercriminals. They are becoming more adept at planting malware that turns employees into unwitting attackers of their own companies or accounts. While historically businesses needed to be vigilant about links from strange emails, BYOD is contributing to today’s malware threats through shared devices, search engine poisoning, image searches, hidden URLs, syndicated advertisements, and more.
• Security and fraud are converging. Many corporate assets are protected behind a corporate firewall with rigorous access control. The advent of cloud computing and an increased use of non-corporate owned computers – such as BYOD – have moved these assets outside of the corporate environment and into the ‘cloud.’ This effectively turns the security paradigm upside-down and shifts it to a fraud problem – which many enterprises haven’t been able to successfully protect against.
“The best protection against this year’s slate of malware threat is to treat fraud prevention and malware detection in a single context,” said Baumhof. “Apart from the protection itself, one of the biggest benefits is that it provides an early warning system, which produces crucial information for all targeted systems.”
For more information, download the latest ThreatMetrix™ Labs Report.
Posted on April 3rd, 2012 by Dan Rampe

Dmitri Alperovitch, who has consulted with the U.S. intelligence community, is the cybersecurity researcher who identified the China-based cyberespionage operation, Shady Rat, which stole confidential information from 72 government and corporate organizations over a five year period.
Recently, Alperovitch decided to conduct an experiment to see if he could load “Chinese malware” on a Google Android operating system. Noting iPhones would be just as vulnerable as Androids, Alperovitch exploited a previously unknown hole in smartphone browsers to plant the China-based malware, which was able to commandeer a device, record its calls, pinpoint its location and access user texts and emails. The “unknown hole” he exploited is known as a “zero-day vulnerability.” That is, manufacturers and anti-virus companies are unaware of it.
According to GulfNews.com, the malware Alperovitch and his team used had been reverse engineered from malware that had been disguised as a Google+ downloadable app. (Some time before, Google had removed the app from its Android Market app store when it learned of the malware.) Alperovitch was able to deliver the malware through a classic “spear phishing” attack. In this case, it was a text message from what looked like a mobile phone carrier, asking the user to click on a link.
Though China (and also Russia) deny they’re doing state-sponsored cyberespionage, James Clapper, a top U.S. Intelligence official, accused those countries of the “wholesale plunder of our intellectual property.”
No matter what the device or who’s conducting the spying, you can count on ThreatMetrix™ to protect your company and your customers. ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on April 2nd, 2012 by Dan Rampe

“In separate non-public alerts sent late last week, Visa and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken – meaning that the information could be used to counterfeit new cards.” That’s what Brian Krebs, Krebs on Security, reports.
If the breaches took place between Jan. 21, 2012 and Feb. 25, 2012, it would be interesting to know when Visa and MasterCard found out about them. Sound too much like editorializing? Yes, you’re probably right. Anyway, if Visa and MasterCard knew for a while before going public, they probably had very good reasons – like not upsetting their cardholders or stockholders or the stock market.
Now Visa and MasterCard have gotten around to alerting the public to what’s being characterized as a massive breach involving some ten million compromised card holders.
Avivah Litan, vice president and distinguished analyst at Gartner Group, says, “From what I hear, the breach involves a taxi and parking garage company in the New York City area” and she advises, “so if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud.” Talk about being taken for a ride.
Krebs’ sources say that the bulk of the fraudulent activity appears to be centering around commercial credit and debit cards that are issued to businesses. He also says he’s heard that law enforcement officers believe the breach may be connected to Dominican street gangs in and around New York City.
A Visa statement said it was not at Visa, but at a third-party company where the actual breach occurred. “Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet.”
The Wall Street Journal reported that the third party Visa alluded to was Global Payments Inc., which processes credit and debit cards for banks and merchants.
Avivah Litan lays blame for the breach on knowledge-based authentication (KBA). While she cannot categorically state it as a certainty until all the evidence is in, she heard that, “the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently.” She added, “Isn’t that usually the case? So if that’s indeed what happened, we can expect the PCI [(Payment Card Industry)] assessors to say NO to KBA on administrative accounts. They need to say NO to many different types of authentication which are being successfully bypassed by determined crooks.”
Litan’s advice, after thirty years in IT, is, “A layered approach is always best, since you have to assume the bad guys will get through one or two or even three layers.” Which is another way of saying, when all else fails, you can count on ThreatMetrix™.
Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 30th, 2012 by Dan Rampe

Can you account for your whereabouts New Year’s Eve 2011? Why? Because a person or persons unknown swiped approximately 14,000 electronic patient medical records with information that included patient addresses, Social Security numbers and medical diagnoses. As a result, Impairment Resources, the national medical records firm that suffered the breach, has filed for bankruptcy.
The company was required by law to report the breach to the State Attorney General and the Department of Labor’s Office of Inspector General, which are both continuing the investigation.
Impairment Resources filed for Chapter 7 bankruptcy protection, the type of bankruptcy most often chosen by companies that decide to shut their doors and sell off their assets to pay off their debts.
The Wall Street Journal reports that the company’s assets were worth about $226,000. Even after money came in from liquidating sales, there would probably not be enough to pay off a $583,000 loan from the Insurance Recovery Group.
Beyond paying off its outstanding loan, Impairment Resources is faced with the possibility that customers and individuals would sue over the breach because their privacy had been violated.
Impairment Resources, which had offices in California, Massachusetts and Hawaii, reviewed medical records for workers’ compensation and auto casualty claims for approximately 600 insurance companies and other customers.
This single breach was like a pebble thrown into a pond. Its effects keep spreading, reaching out to disrupt the lives and livelihoods of thousands.
In addition to the bankruptcy, who knows what could happen to the people whose records were stolen? The possibilities include everything from identity theft to blackmail.
If protecting your company and its customers is your top priority, go with the company offering the top protection. And, that’s ThreatMetrix™.
Without relying on passwords, user names and cookies to protect clients, ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 29th, 2012 by Dan Rampe

Yes, Verizon, we can hear you now. And, those of you responsible for security at your respective companies perhaps might want to listen too, because this is an exhaustive study: 2012 Data Breach Investigations Report (DBIR). That’s exhaustive, not exhausting — though it runs 78 pages and you might want a break now and then.
The study was done by the Verizon RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
In addition to what it called “mainline cybercriminals,” this broadly based study touched on the effects of the Arab Spring, Occupy protests and hacktivism. “Doubly concerning for many organizations and executives was that target selection by these (hacktivist groups) didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.”
Another area of great concern was the “continued attacks targeting trade secrets, classified information, and other intellectual property.”
The study pointed out that 2011’s 855 incidents and 174 million compromised records made it “the second-highest data loss total since (DBIR started) keeping track in 2004.”
Ninety-eight percent of the breaches were the result of external attacks either by organized crime, hacktivist groups or others. And breaches were most often the result of hacking and malware:
- 81 percent utilized some form of hacking (up 31 percent)
- 69 percent incorporated malware (up 20 percent)
- 10 percent involved physical attacks (down 19 percent)
- 7 percent employed social tactics (down 4 percent)
- 5 percent resulted from privilege misuse (down 12 percent)
Perhaps not surprisingly, the study found that 79 percent of the victims were targets of opportunity. “Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.”
One thing to note is 85 percent of breaches took weeks or more to discover and 92 percent of incidents were discovered by a third party.
With the leading cause of breaches resulting from hacking (81 percent) and the second leading cause the result of malware (69 percent), it makes sense to look for solutions from the company which offers the greatest protection against those threats. That company is ThreatMetrix™.
ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 28th, 2012 by Dan Rampe

….With plenty left over to infect every inhabitant of Luxembourg, Andorra, Liechtenstein, San Marino, Monaco and Vatican City. No. It’s not tulip fever. It’s malware.
According to a McAfee Labs report, last year, more than 75 million unique malware samples hit the Internet, which is more than the entire population of The Netherlands and then some.
Security expert Vincent Weafer said, “Increasingly, we’ve seen that no organization, platform or device is immune to the increasingly sophisticated and targeted threats. On a global basis, we are conducting more of our personal and business transactions through mobile devices, and this is creating new security risks and challenges in how we safeguard our commercial and personal data.” And Android has been the biggest target for mobile malware writers.
On the Web, Business-Standard.com reports that in the last quarter of 2011, the total number of active malicious URLs was more than 700,000. “The vast majority of new malicious sites are located in the United States, followed by The Netherlands, Canada, South Korea and Germany. Overall, North America housed the largest amount of servers hosting malicious content, at more than 73 percent, followed by Europe-Middle East at more than 17 percent and Asia Pacific at 7 percent.”
In another study, PrivacyRights.org observed that the number of reports of data breaches via hacking, malware, fraud and insiders more than doubled since 2009 with more than 40 breaches reported in just the fourth quarter of 2011. The leading network threat was from vulnerabilities in Microsoft Windows remote procedure calls. This was followed closely by SQL injection and cross-site scripting attacks: remote attacks that could be launched at selected targets anywhere around the globe.
So what’s the good news? The Netherlands, Luxembourg, Andorra, Liechtenstein, San Marino, Monaco and Vatican City are small countries; there could’ve been so many unique malware samples hitting the Internet that we would’ve had to use the populations of China and India as metaphors. Comparatively speaking, that’s good news.
Uh, no. That’s not the good news.
The good news is ThreatMetrix™ “has your back.” ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.
Posted on March 26th, 2012 by Dan Rampe

ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions in the world with 300% year-over-year growth, closed a Series D financing round. August Capital led the $18 million investment round, with existing investors Tenaya Capital, US Venture Partners and CM Capital as full participants.
“The previously separate worlds of fraud [prevention] and security are converging and ThreatMetrix is ideally situated to help companies and government entities reduce fraud losses while preventing data breaches from stolen identities,” said Vivek Mehra, general partner, August Capital. “Our confidence in ThreatMetrix is demonstrated by their impressive track record of rapid customer adoption, new market expansion and global growth. With today’s financing announcement, we hope to further accelerate that growth.”
As part of the financing round, Mehra joins the ThreatMetrix board of directors. The partners of August Capital have invested in leading companies such as Atheros, Microsoft, Postini, Sun, Symantec, Seagate, Skype and Splunk.
“We’re extremely pleased to have August Capital, one of the preeminent Silicon Valley venture capital firms, lead this round,” said Reed Taussig, president and CEO, ThreatMetrix. “ThreatMetrix is expanding on all fronts including new products, applications, markets and geographies. Our customers are deploying ThreatMetrix solutions across the enterprise on a global basis. Our recent TrustDefender acquisition has provided ThreatMetrix with the only integrated solution combining intelligent device identification with malware man-in-the-browser (MitB) detection and remediation available in the market today. This combination of products has positioned ThreatMetrix as the leader for device centric fraud prevention and as a competitive vendor for the evolving market of remote employee authentication popularly referred to as ‘bring your own device’ (BYOD).”
Taussig explains that the company will use the additional funding to continue its global expansion into e-commerce, financial services and the enterprise remote employee access markets.
What’s ThreatMetrix’s success based on? Here are some highlights:
• Achieved Record Growth: ThreatMetrix recorded 300 percent growth year-over-year in 2011. The company protects more than 5,000 Web sites from some of the largest global brands profiling nearly 1 billion devices on a monthly basis.
• Completed Strategic Acquisition: In December 2011, ThreatMetrix completed the acquisition of TrustDefender™, a recognized leader of malware detection and prevention technologies. With the acquisition, ThreatMetrix is the first company to combine advanced device identification and malware detection in a single platform backed by a global network of shared intelligence.
• Acquired New Customers: ThreatMetrix grew its customer base in excess of 700 customers worldwide, both direct and through its reseller channel. Financial services customers – many of whom use ThreatMetrix solutions to meet FFIEC guidance for a layered security program that combines complex device identification and anti-malware controls – represent over 40 percent of ThreatMetrix’s installed base with e-commerce, social networks, government, and healthcare completing the mix.
• Released New Products: In January 2012, ThreatMetrix launched the ThreatMetrix™ Cybercrime Defender Platform – incorporating TrustDefender™ ID, TrustDefender™ Cloud, TrustDefender™ Client and TrustDefender™ Mobile – that enables the company to address fraud prevention and malware protection as a single problem, delivering real benefits to customers at a lower cost.
• Expanded International Presence: ThreatMetrix opened new sales and engineering offices in Australia and EMEA headquarters in the Netherlands. Nearly 40 percent of ThreatMetrix’s business is international with Europe leading the way. Additionally, ThreatMetrix operates a European data center to provide faster and more accurate fraud screening. It has also secured European Safe Harbor Certification that highlights ThreatMetrix’s ongoing commitment to protect the privacy of individuals in Europe, the U.S. and wherever the company conducts business around the globe.
• Expanded Use Cases: ThreatMetrix expanded its customer use case scenarios beyond account origination, account logins, and payments and transactions into the remote employee access market for major corporations. In an evolving BYOD world, enterprises can’t ignore the evolving threats of allowing unknown devices to connect to their corporate networks.
• Hired Strategic Leaders: ThreatMetrix made several strategic hires including Andreas Baumhof, CTO (formerly CEO of TrustDefender); Bert Rankin, vice president of marketing; Bruce Scott, vice president of worldwide engineering and Frank Teruel, CFO.
• Expanded Partner Ecosystem: ThreatMetrix expanded its partner ecosystem with TransUnion, a global leader in information and risk management, to help customers validate name, phone number and address information. ThreatMetrix also partnered with ActivIdentity™ Corporation to enable the ActivIdentity 4TRESS™ Authentication Appliance customers to connect with the ThreatMetrix Cybercrime Defender Platform to support secure authentication without the use of physical credentials such as smart cards or tokens.
• Secured Analyst Recognition: ThreatMetrix was positioned by Gartner in the “Visionaries” quadrant of the “Magic Quadrant for Web Fraud Detection;” a “strong performer” in “The Forrester Wave™: Risk-Based Authentication, Q1 2012” and was highlighted in Aite Group’s recent “Complex Device-Printing: A Front-Line Essential.”
• Secured Industry Recognition: ThreatMetrix was named to Gartner’s list of “Cool Vendors” in the Gartner “Cool Vendors in Context-Aware Computing, 2011” and received a Red Herring 100 Global and a Top 100 North America company award.
• Launched ThreatMetrix Labs: In February 2012, ThreatMetrix launched ThreatMetrix™ Labs, which generates in-depth reports on the latest capabilities of malware that target financial institutions, merchants and online businesses.
• Hosted Inaugural User Conference: ThreatMetrix held its inaugural 2011 ThreatMetrix™ Fraud Fighters Summit, October 9 – 10 in Monterey, California with more than 175 registrants.
• Enhanced Corporate Infrastructure: In late 2011, ThreatMetrix moved its worldwide headquarters to San Jose, California to accommodate the company’s growing workforce. Employee headcount grew 20 percent in 2011.
Posted on March 23rd, 2012 by Dan Rampe

The old saying goes that “you can’t teach an old dog new tricks.” But, nothing says “you can’t teach a new dog old tricks.” Which is what cybercriminals are doing by borrowing a trick or two from desktop days and applying them to smartphones. At least that’s the import of an article by Michael Lee on ZDNet.com.
Now, in previous blogs, we’ve talked about how cybercriminals use Twitter to steer smart phone users to places online where cybercrooks have malware stashed. Though it can be used for other nasty things, this malware is often used to force a phone to send SMS texts to premium-rate numbers with the cybercriminal getting a chunk of the action for the higher fees.
“During a single eight-hour operation, [security expert Joji Hamada] witnessed over 130,000 malicious tweets from about 100 Twitter accounts. Another operation saw over 1500 tweets from over 50 accounts in one hour. He said that this could just be the tip of the iceberg as several operations are typically conducted at the same time.”
Here’s an interesting sidelight. Cybercriminals use malware against smartphones the same way they used to use it against desktops. In the days of the desktop (apologies to everybody still using desktops), whenever the user’s antivirus found a cure for a particular strain of malware, the cybercriminal would develop a new strain or new virus. This one-upmanship arms race is now taking place on smartphones with cybercriminals getting an added advantage by trading on one of the smartphone’s major attractions. And, that is the ability to have access to the Internet anytime, anywhere 24/7/365. This gives cybercriminals the opportunity, as Hamada puts it, to “mix their game around, thereby making it difficult to recognize all bad tweets.”
Research and security professional, Dinesh Venkatesan, found another anti-detection technique that cybercriminals use that’s borrowed from desktop days. It’s called reflection and allows the executing program to examine classes and, among other abilities, find particular functions to execute at runtime without necessarily knowing what the code is at compile time.
As a matter of course, when malware calls a function such as sendTextMessage() in Android, anti-malware applications are warned that suspicious activity is going on.
Of the reflection technique, Venkatesan said, “Instead of directly calling the sendTextMessage() function, the malware stores the name of the function as a presumably harmless string and, after searching the API[*] for the function by this name, stores its location as a reference. When the malware then wants to execute the sendTextMessage() function, it will call on this reference rather than its direct name. For static code analysis tools, this is typically enough for the malware to escape detection.”
* If you’re not into programming, an API or application programming interface is used as an interface by software components to communicate with each other.
Additionally, Venkatesan “found that these particular samples were taking steps to encrypt the data they used. In particular, criminals had taken steps to ensure that the data was only decrypted at runtime. From here, the data was stored in memory as an XML file and used to determine which number to send SMS messages to and their content.” So it seems new dogs not only learn old tricks, they can also come up with new ones.
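For analysts, the practical consequence of the reflection and runtime-decryption behaviour described above is that a static check has to look for more than the direct call. The following is an added example, not code from the article or from any vendor's product: a small scanner over decompiled smali text that reports direct SMS calls, reflective lookups whose method name is a readable string constant, and reflective lookups whose name cannot be read statically and should go to dynamic analysis. The smali sample is constructed, and matching strings and reflection calls within the same method (rather than tracking registers) is a simplifying assumption.

```python
import re

# Assumption: a short illustrative watch list; sendTextMessage is the API
# named in the article, the second name is a related SmsManager method.
SENSITIVE = {"sendTextMessage", "sendMultipartTextMessage"}
SMS_CLASS = "Landroid/telephony/SmsManager;"
REFLECT_LOOKUPS = {("Ljava/lang/Class;", "getMethod"),
                   ("Ljava/lang/Class;", "getDeclaredMethod")}

METHOD_RE = re.compile(r"^\.method\s+(.*?)$(.*?)^\.end method", re.M | re.S)
CONST_RE = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s+"((?:[^"\\]|\\.)*)"')
INVOKE_RE = re.compile(r"invoke-\S+\s+\{[^}]*\},\s+(\S+?)->(\w+)\(")


def scan_smali(text):
    """Return (method, finding, api_names) tuples for one smali file."""
    findings = []
    for sig, body in METHOD_RE.findall(text):
        name = sig.split("(")[0].split()[-1]
        strings = set(CONST_RE.findall(body))
        calls = INVOKE_RE.findall(body)  # list of (class, method) pairs
        direct = sorted({m for c, m in calls if c == SMS_CLASS and m in SENSITIVE})
        reflective = any(call in REFLECT_LOOKUPS for call in calls)
        named = sorted(strings & SENSITIVE)
        if direct:
            findings.append((name, "direct-call", direct))
        if reflective and named:
            # The API name is stored as a plain string, as the article describes.
            findings.append((name, "reflective-call-by-name", named))
        elif reflective:
            # Name not visible statically (for example, decrypted at runtime):
            # low confidence on its own, so hand off to dynamic analysis.
            findings.append((name, "reflective-call-unresolved", []))
    return findings


# Constructed smali fragment for demonstration only.
SAMPLE = r'''
.class public Lcom/example/constructed/Demo;
.super Ljava/lang/Object;

.method public sendDirect()V
    invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    return-void
.end method

.method public sendByName()V
    const-string v1, "sendTextMessage"
    invoke-virtual {v0, v1, v2}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
    move-result-object v3
    invoke-virtual {v3, v4, v5}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
    return-void
.end method

.method public sendByDecodedName()V
    const-string v1, "CONSTRUCTED_OPAQUE_BLOB"
    invoke-static {v1}, Lcom/example/constructed/Demo;->decode(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v1
    invoke-virtual {v0, v1, v2}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
    return-void
.end method

.method public greet()V
    const-string v0, "hello"
    return-void
.end method
'''

if __name__ == "__main__":
    for finding in scan_smali(SAMPLE):
        print(finding)
```

The "unresolved" category will also fire on benign reflection, so it is a triage signal to combine with permissions such as SEND_SMS and with runtime observation, not a verdict.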
Desktops to smartphones and all devices in between – ThreatMetrix™ has solutions for fighting cybercriminals wherever they choose to wage crime.
Posted on March 22nd, 2012 by Dan Rampe

Do you know your malware? Sometimes we take it for granted that everybody’s speaking the same language because they’re using the same words. Here’s a real-life example from the time of the Vietnam War. When a recently separated soldier, who’d just gotten back from Vietnam, was asked how he was doing, he replied, “Uptight.”
A look of concern came over his friend who’d never been in the army. “What’re you uptight about?”
“Huh?” questioned the ex-soldier.
“What?” responded his friend.
The conversation could’ve continued this way all night, but mercifully one of them asked what “uptight” meant to the other.
It seemed “uptight” from the U.S. army’s “uptight outta sight” meant everything was perfect, while the rest of the world took “uptight” to mean nervous and worried.
To get everyone using the same words to describe different types of malware, we’d like to thank pcmag.com and Neil Rubenking, Lead Analyst for Security at pcmag.com, for providing these definitions.
Adware. As the name suggests, the purpose of adware is to display ads. That doesn’t sound too awful, but some adware threats bombard you with so many ads you can hardly use the computer.
APT (Advanced Persistent Threat). The term APT refers to an elaborate attack like Duqu or Stuxnet that’s backed by a government or other powerful group. You probably won’t get hit by an APT, but your bank or your business might.
Backdoor. Just as it sounds, a backdoor opens up your computer to hack attack. It allows full access to everything on the computer, bypassing the requirement to log in with a Windows password.
Bot. On its own, a bot isn’t harmful. The creator, or “bot herder,” works hard to get as many silent bot infestations as possible installed, then rents out the bot network to others. DDoS (Distributed Denial of Service) attacks are often managed by sending commands to a bot network that cause all the infested PCs to run an attack script.
Dialer. You’re not likely to suffer a dialer attack. This type of malware uses the computer’s modem to make calls to premium numbers, running up charges on the victim’s phone bill. But these days, with virtually everyone on broadband, dialers aren’t very effective.
Dropper. A dropper doesn’t harm your system itself. Instead, it installs other threats, or opens a channel through which the bad guys can push malware.
Exploit. Sometimes the bad guys discover a way to exploit a bug in the operating system or in a common program; typically the exploit lets them execute code that opens the door to other malware. Legitimate vendors do their best to patch these holes, naturally.
Keylogger. Basically a form of spyware, a keylogger captures everything you type, including passwords and other sensitive information. Some keyloggers also capture screenshots, log your Web browsing history, record anything copied to the clipboard, and more.
Malware. The comprehensive term malware applies to any software whose purpose is malicious, including (but not limited to) all of the other types described here.
Ransomware. A ransomware threat encrypts your important documents, disables Windows logon, or otherwise makes your computer unusable until you pay the ransom demanded by its perpetrators. It’s a bit dodgy for the perps, since they might be tracked through the ransom payment.
RAT (Remote Access Trojan). Like all Trojans, a RAT masquerades as an innocent and useful program. Behind the scenes, though, it opens up a backdoor that gives its owner complete access to the affected computer.
Rootkit. Antivirus software can only remove threats that it can detect. Rootkit technology hides a threat’s file and Registry traces so that most programs can’t “see” them. Only specialized anti-malware technology can bring the hidden traces into view.
Scareware. A fake antivirus that pretends to find problems on your system and displays a big, frightening warning—that’s scareware. Naturally you must pay the registration before it will “fix” the made-up problems. In most cases there’s no actual malicious code, just a huge scam to con you into paying money for nothing.
Spyware. Spyware simply means malicious software that steals credit card numbers, passwords, and other sensitive personal information.
Trojan. Named for the Trojan Horse of legend, a Trojan is a seemingly benign program that does something nasty in secret. Trojans are the most common type of malware on the Android platform. While you play a Trojanized Android game, it may be sending your contacts to a server in Russia, or making $10/minute phone calls.
Virus. A computer virus spreads by injecting its code into other programs or, less commonly, into the boot sector of a disk. When you execute the infected program, the virus code runs too. It may simply infect more files, or it may perform a “payload” action like wiping out your hard drive.
Worm. Like a virus, a worm replicates itself within the computer or across the network. Unlike a virus, it doesn’t wait for you to launch an infected program. Network worms can spread around the world with alarming rapidity.
Mix and Match. These categories aren’t mutually exclusive. A Trojan could use keylogger technology to spy on you and steal passwords. A virus could hide from antivirus programs using rootkit technology.
Now that you know their proper names, it’s time to fight them with the best weapons in the world – solutions from ThreatMetrix™.